

216.2K
Downloads
102
Episodes
The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank.
Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses.
🎯 WHAT YOU'LL LEARN:
- Cyber Essentials certification guidance
- Protecting against ransomware & phishing attacks
- GDPR compliance for small businesses
- Supply chain & third-party security risks
- Cloud security & remote work protection
- Budget-friendly cybersecurity tools & strategies
🏆 PERFECT FOR:
- UK small business owners (5-50 employees)
- Startup founders & entrepreneurs
- SME managers responsible for IT security
- Professional services firms
- Anyone wanting practical cyber protection advice
Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies
The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank.
Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses.
🎯 WHAT YOU'LL LEARN:
- Cyber Essentials certification guidance
- Protecting against ransomware & phishing attacks
- GDPR compliance for small businesses
- Supply chain & third-party security risks
- Cloud security & remote work protection
- Budget-friendly cybersecurity tools & strategies
🏆 PERFECT FOR:
- UK small business owners (5-50 employees)
- Startup founders & entrepreneurs
- SME managers responsible for IT security
- Professional services firms
- Anyone wanting practical cyber protection advice
Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies
Episodes

Friday Aug 01, 2025
Friday Aug 01, 2025
UK Ransomware Ban: Why Your SMB Just Became a Bigger Target
Show: The Small Business Cyber Security Guy Hot Take
Hosts: Graham Falkner & Noel Bradford
Episode Length: 7:30
Category: Business, Technology
Episode Description
The UK Government just dropped the most aggressive ransomware policy in the world - and it's about to make your small business a much more attractive target for criminals.
Join Graham and Noel as they break down the three shocking proposals that will reshape cyber threats for every British business by 2026.
What You'll Learn:
- Why 72% of consultation respondents backed payment bans despite industry panic
- How the "essential supplier" loophole could snare thousands of unsuspecting SMBs
- The brutal mathematics: £3K prevention vs £300K+ ransomware losses
- Why Cyber Essentials is about to become a business survival tool, not just compliance
Key Takeaway:
With criminals pivoting from locked-down public sector to easier SMB prey, you have 18 months to get your cyber house in order. Don't wait - the attack frequency is about to explode.
Key Statistics
- 72% Consultation support for payment ban
- £1B Global ransomware payments in 2023
- 80% Attack reduction with Cyber Essentials
- 18 Months to prepare before 2026
Key Topics
Government Ransomware Proposals
- Payment bans for public sector and CNI (no exceptions)
- Mandatory 72-hour incident reporting for all sectors
- Government pre-approval required for private sector payments
- Implementation timeline: Late 2026 (if passed)
The SMB Target Shift
- Global ransomware payments: $1 billion in 2023
- UK victims doubled on leak sites since 2022
- Attack displacement from public sector to private SMBs
- Volume strategy: 40 SMBs at £50K vs 1 NHS trust at £2M
Cyber Essentials Reality Check
- 68% reduction in successful ransomware attacks
- Five controls that actually work (when implemented properly)
- Insurance discounts becoming business necessity
- "Badges don't stop hackers, controls do"
Insurance Market Transformation
- Premium increases of 25-50% over next two years
- Claims denials for businesses without proper controls
- CE certification shifting from discount to baseline requirement
Real-World Case Studies:
- Post-ransom betrayal: Attackers left backdoors, insurance refused payout
- Lost government contract: SMB couldn't prove basic cyber hygiene after small breach
- Regulatory tag scenario: Sourdough bakery subject to cyber law for prison deliveries
Action Items
Immediate (Next 30 Days)
- Map CNI/public sector client relationships
- Assess potential supply chain compliance exposure
- Calculate business-specific ransomware impact costs
- Review current cyber insurance coverage terms
Short-term (90 Days)
- Begin Cyber Essentials certification process
- Implement five core security controls properly
- Establish professional security response relationships
- Test backup and recovery procedures monthly
Strategic (18 Months)
- Prepare for potential "essential supplier" designation
- Budget for insurance premium increases
- Develop incident response and crisis communication plans
- Create alternative business operation procedures
Blog Post: The UK Government's Ransomware Gambit: Why Your SMB Just Became a Bigger TargetRelated Episodes
- Episode 2: "Compliance Theatre vs Real Security"
- Episode 6: "Supply Chain Security: Your Weakest Link"
Rate and Review: Help other SMB owners discover critical cyber security insights by rating this episode on Spotify, Apple Podcasts, or your preferred platform.
Questions? Email: hello@thesmallbusinesscybersecurityguy.co.uk
Website: www.thesmallbusinesscybersecurityguy.co.uk
Episode Credits
Hosts: Graham Falkner, Noel Bradford
Production: The Small Business Cyber Security Guy
Copyright: © 2025 The Small Business Cyber Security Guy. All rights reserved.
Content for educational purposes. Consult cybersecurity professionals for specific business advice.

Thursday Jul 31, 2025
Help Desk MFA Reset Fails: Scattered Spider vs. UK Retail
Thursday Jul 31, 2025
Thursday Jul 31, 2025
Episode Description
Join Noel Bradford and Graham Falkner for another cybersecurity hot take as they dive into the alarming world of help desk social engineering attacks. This episode exposes how the notorious Scattered Spider group has weaponized basic human helpfulness to devastating effect, turning your friendly IT support into the front door for ransomware attacks.
From MGM's $100 million disaster to the recent wave of UK retail breaches (M&S, Co-op, Harrods), discover how teenagers armed with nothing more than convincing accents and sob stories are outsmarting million-pound security systems. Spoiler alert: it's not the tech that's failing us.
Key topics
- The Scattered Spider Phenomenon: Meet the English-speaking teenagers who graduated from Roblox to ransomware
- Help Desk Horror Stories: Why your MFA reset process is probably easier than ordering a dodgy kebab
- The MGM Masterclass: How one phone call led to 10 days of casino chaos
- UK Retail Ransomware Wave: The domino effect that took down half the high street
- Sandra's 3AM Security Failures: Why verification questions like "favourite biscuit" aren't cutting it
- Real Solutions That Actually Work: Beyond useless training modules to proper phishing-resistant MFA
Notable Quotes
"You can get your entire digital life reset with less hassle than ordering a dodgy kebab after the pub."
"The help desk culture these days - it's like the Wild West, but with more hold music and less gunfire."
"If your help desk can be outwitted by someone who sounds like they're late for a Fortnite tournament, you've got bigger problems than patching Windows."
"It's not hacking, it's just really, really good acting."
What You'll Learn
- How Scattered Spider targets help desk processes with surgical precision
- Why traditional security questions are laughably inadequate
- The real-world impact of social engineering attacks on major retailers
- Practical defenses that actually work (hint: it's not more training)
- Why your business might be the stepping stone, not the target
Solutions Discussed
- Video verification for all MFA resets
- Phishing-resistant MFA (FIDO2 keys, smart cards, PKI certificates)
- Proper RMM tool controls with device whitelisting and geographic restrictions
- Zero unauthenticated resets policy
- Monitoring for unusual authentication patterns
Episode Hightlights
- The career trajectory from Minecraft to MGM hacking
- Why "favourite colour" security questions are a disaster waiting to happen
- The proposed "angry Scottish nans verification panel" security policy
- The legendary cat impression MFA reset incident
- How one help desk call can ransomware half the high street
Perfect For
- Small business owners worried about cybersecurity
- IT professionals dealing with help desk security
- Anyone who's ever reset a password over the phone
- Security-conscious listeners who enjoy a good dose of British humor with their cyber threats
#Cybersecurity #ScatteredSpider #Ransomware #SocialEngineering #HelpDesk #MFA #UKRetail #MGM #SmallBusiness #InfoSec #PhishingResistant #SecurityAwareness
Remember: Security isn't about being perfect, it's about being better than the bloke next door. Don't let Sandra near the reset button after midnight!
See - https://www.noelbradford.com/blog/scattered-spider-helpdesk-mfa-reset-attack-warning-uk-2025

Tuesday Jul 29, 2025
Tuesday Jul 29, 2025
1984 is here! Just 41 years late - Big Brother is watching and censorship is increasing.
The UK's Online Safety Act went live July 25th, 2025. VPN usage exploded 1,400% overnight. Teenagers are using PlayStation screenshots to bypass age verification.
Join Noel Bradford and Mauven MacLeod for an emergency breakdown of Britain's most expensive digital policy failure and why every tech-savvy teen is already laughing at it.
Warning: Contains passionate commentary about government digital policy
The Spectacular Failure (0:00-4:00)
- ProtonVPN's 1,400% UK signup surge in 48 hours
- Death Stranding character defeats government AI systems
- Why teenagers always win the circumvention game
- Digital cavity searches for legal content access
The Authoritarian Agenda (4:00-7:00)
- Pattern of moral panics from rock music to the internet
- Surveillance infrastructure outlasts the panic that created it
- Ministers' unprecedented power to designate "harmful" content
- International platforms blocking UK users entirely
The VPN Danger Zone (7:00-10:00)
- Millions of non-tech users suddenly need VPN services
- How to avoid data harvesting and malware traps
- Red flags in free VPN services
- Recommended providers with proven track records
The Bottom Line (10:00-12:00)
- Why this was never about protecting children
- Essential digital literacy in the circumvention era
- The only rational response to broken digital policy
- 1,400% increase in VPN signups within hours of enforcement
- Over 280,000 signatures on petition to repeal the Act
- 6+ years from conception to failure by video game screenshots
- Zero responses from some platforms to compliance requirements

Monday Jul 28, 2025
Cyber Essentials - White House Security Principles for UK Small Business
Monday Jul 28, 2025
Monday Jul 28, 2025
Part 2 of White House CIO Insights Series | ~38 minutes
How do you implement White House-level security without White House-level budgets? Building on insights from former White House CIO Theresa Payton's interview with Scammer Payback, Noel and Mauven explore the UK's Cyber Essentials framework - translating enterprise security principles into achievable small business requirements.
The Five Cyber Essentials Controls:
- Boundary Firewalls - Your digital perimeter defense
- Secure Configuration - Closing manufacturer security gaps
- Access Control & MFA - 90% credential attack prevention
- Malware Protection - Beyond traditional antivirus
- Security Update Management - Systematic patching
Key Takeaways:
- Real implementation costs (£300+VAT basic certification, 2-4 weeks setup)
- Business benefits: insurance discounts, government contracts, supply chain compliance
- Why CE stops 80% of attacks targeting 80% of small businesses
- When you need more than basic frameworks
Featured Content:
Audio clips from Theresa Payton interview courtesy of Scammer Payback Podcast
- Building safety standards for cybersecurity
- MFA stopping 90% of credential attacks
- Systematic security thinking
Highly recommend the full Theresa Payton interview on Scammer Payback - covers nation-state threats, manipulation campaigns, deepfakes, and digital privacy. Essential cybersecurity listening.
Take Action This Week:
- Start Cyber Essentials self-assessment
- Enable multi-factor authentication everywhere
- Audit your third-party vendor list
Resources:
- NCSC Cyber Essentials Scheme: ncsc.gov.uk/cyberessentials
- Self-Assessment Portal: cyberessentials.ncsc.gov.uk
- Scammer Payback Podcast Subscribe
- "Manipulated" by Theresa Payton - Buy
Next Episode: Advanced Threats & AI
The final White House CIO series episode tackles threats that challenge enterprise security teams: AI-powered attacks, executive-fooling deepfakes, and psychological social engineering.
Subscribe & Review | Share with business owners who think cybersecurity requires unlimited budgets |
Special thanks to Daniel and Scammer Payback team
From White House situation rooms to your actual situation.

Monday Jul 21, 2025
White House CIO Insights - The Threat Landscape Small Business Faces
Monday Jul 21, 2025
Monday Jul 21, 2025
What's scarier - protecting the President or a small business in Manchester? Former White House CIO Theresa Payton says they face exactly the same sophisticated threats now.
Runtime: 36 minutes | Series: Part 1 of 3 | Hosts: Noel Bradford & Mauven MacLeodKey Topics Covered
- Nation-state targeting: North Korea (vengeful), Iran (cyber mercenaries), Russia (everything), China (supply chains)
- "Verify and never trust" - Evolution from Reagan's "trust but verify" for modern threats
- Island hopping attacks - Small businesses as stepping stones to larger targets
- White House security principles scaled for small business budgets
- Multi-factor authentication - 90% effective against credential attacks
- Supply chain vulnerabilities - Every vendor is a potential attack vector
- Systematic security thinking - Enterprise mindset without enterprise costs
Major Takeaways
- Same threats, different resources - SMBs face enterprise-level attacks without enterprise budgets
- Verification is critical - Modern threats require systematic verification of all requests
- MFA is transformative - 90% attack prevention for minimal cost - no excuse not to implement
- Process over products - Systematic thinking matters more than expensive technology
- Asymmetric warfare reality - Defenders must succeed daily; attackers need one breakthrough
- British politeness problem - Don't let politeness override security verification
Featured Audio Clips
Powerful segments from Theresa Payton's comprehensive interview courtesy of Scammer Payback podcast - essential listening for modern cybersecurity insights.
Full Featured Interview: https://www.youtube.com/watch?v=ScammerPaybackTeresaPayton
About Scammer Payback: Outstanding podcast and YouTube channel fighting cybercrime daily while educating about online threats.
Resources & Links
- Theresa's Book: "Manipulated: Inside the Cyberwar to Hijack Elections"
- Our Website: thesmallbusinesscybersecurityguy.co.uk for practical small business cybersecurity resources
Coming Next
Episode 9: Cyber Essentials - How UK government turned White House security principles into achievable small business framework. Five controls addressing 80% of attacks affecting 80% of SMBs.
Episode 10: Advanced Threats - AI, deepfakes, and social engineering that challenge even security professionals.
Your Immediate Action Items
- Today: Implement multi-factor authentication on ALL business accounts
- This week: Create verification procedures for payment/change requests
- This month: Audit vendor security practices and supply chain dependencies
- Ongoing: Train staff on "verify and never trust" protocols
Connect & Support
Website: thesmallbusinesscybersecurityguy.co.uk for actionable cybersecurity resources
Subscribe & Review: Help us reach more vulnerable businesses
Share: With that business owner using "password123" wondering why systems act strangely
From White House situation rooms to your actual business situation - if it's good enough for protecting the President, it's good enough for protecting your business.
#Cybersecurity #SmallBusiness #InfoSec #WhiteHouse #NationState #MFA #SupplyChain #CyberThreats #BusinessSecurity #CyberEssentials #Podcast #UKBusiness #SecurityAwareness #CyberDefense
Copyright 2025 The Small Business Cyber Security Guy Podcast - All rights reserved.

Monday Jul 14, 2025
The Hidden Dangers of Technical Debt
Monday Jul 14, 2025
Monday Jul 14, 2025
Show Notes
Duration: 25:16
Hosts: Mauven MacLeod & Noel Bradford
Technical debt isn't just old computers - it's a ticking time bomb in every UK business. When Noel discovers his local Oxford Council data was sitting in legacy systems for 21 years, things get personal. From NHS cyber deaths to £1.4 billion breaches, this episode reveals why "if it ain't broke, don't fix it" could destroy your business.
Warning: Contains one epic Noel rant and brutal truths about preventable disasters.
Shocking Statistics Revealed
- 160,000 Microsoft Exchange servers still vulnerable 4 months after patch
- 59% of UK public sector apps contain year-old security vulnerabilities
- Nearly half of £4.7 billion government IT spending just maintains aging systems
- Some organizations spend 75% of IT budget on legacy system life support
Episode Highlights
"Technical debt isn't just an IT problem - it's a business survival issue"
"We're talking about digital decisions made when people were still using typewriters, and they're still causing security problems today"
"Every shortcut has consequences. Every deferred update accumulates interest"
Next Episode Preview
We hear from Former White House CIO Theresa Payton about lessons from US government digital transformation that UK small businesses can actually use.
Take Action Now:
- Audit your systems - What are you actually running?
- Budget 20% of IT spending for technical debt reduction
- Plan Windows 10 migration - Support ends October 2025
- Document everything - Future you will thank present you
Share Your Stories
Tell us about your technical debt discoveries in the comments (minus the hacker-helpful details). Have you found systems you didn't know existed?
Like, Subscribe and Follow
🎧 New episodes every Monday
🔔 Hit the follow button for notifications
⭐ Rate and review if this episode convinced you to finally address your technical debt
Next: Episode 8 - White House CIO Insights (July 21-27)

Thursday Jul 10, 2025
McDonalds’ SuperSized Cyber Screw Up
Thursday Jul 10, 2025
Thursday Jul 10, 2025
Show Guide: When Basics Break - Special Bonus Episode
Duration: 9 minutes | Type: Special Episode
Episode Summary
McDonald's password "123456" exposed 64 million job applications. M&S lost £300M to a phone call. Our full team dissects how basic security failures are destroying major brands and what small businesses must learn.
Featured Team
- Noel Bradford - Lead Host
- Mauven MacLeod - Former Uk Government Cyber Analyst
- Oliver Sterling - Cybersecurity Veteran
- Dr. Sarah Chen - AI Security Researcher
Key Segments & Timestamps
🍟 McDonald's AI Disaster (0:00-3:00)
- Paradox.ai hiring bot secured with "123456" password
- IDOR vulnerability exposed all applicant data
- Vendor blamed "dormant 2019 test account"
- Lesson: AI features don't fix basic security
📞 M&S & Co-op Phone Scams (3:00-6:30)
- £300M lost at M&S, 20M records at Co-op
- Help desk reset admin passwords without verification
- Attackers gave BBC interviews while inside systems
- Lesson: Vendor security failures become yours
🌍 Global Security Catastrophes (6:30-9:00)
- AT&T: 73M accounts leaked
- Change Healthcare: $22M ransom, data still lost
- 23andMe: Genetic profiles exposed via credential stuffing
Key Takeaways
✅ Do The Boring Stuff:
- Strong passwords + MFA everywhere
- Regular patching and updates
- Proper help desk procedures
✅ Vendor Due Diligence:
- Ask about password policies
- Implement call-back verification
- If they can't answer security questions, walk away
✅ AI Reality Check:
- Shiny features don't compensate for weak foundations
- Basic vulnerabilities still dominate breaches
Episode Highlights
"It's the old 'move fast and break things' mindset, but now it's people's personal data on the line." - Dr. Sarah Chen
"A simple call-back to a registered number would've stopped the whole thing." - Mauven MacLeod
Immediate Actions for Small Business
- Change any "123456" or "password" credentials NOW
- Enable MFA on all business accounts today
- Create help desk verification procedures
- Audit vendor security practices
Content Notes
Real company breaches discussed. Some strong language regarding security failures.
Essential listening for business owners who think "it won't happen to us."
Remember: If major corporations with unlimited budgets fail at basics, small businesses need to be even more vigilant.
#Cybersecurity #DataBreach #SmallBusiness #PasswordSecurity

Monday Jul 07, 2025
Shadow IT - The Unauthorised Technology That’s Already Inside Your Business
Monday Jul 07, 2025
Monday Jul 07, 2025
Shadow IT: The Unauthorised Technology Inside Your Business
42% of business applications are unauthorised Shadow IT. Your employees have built hackers a data highway while trying to be helpful.
What You'll Learn
- Detection Methods: DNS monitoring, MDM, endpoint audits, ThreatLocker solutions
- GDPR Nightmare: Why Shadow IT makes data subject access requests impossible
- Real Examples: 17 project management tools in one 12-person company
- Management Strategies: Control without becoming a digital dictator
Immediate Actions
- Audit DNS logs for unknown cloud domains
- Check business credit cards for unauthorised SaaS subscriptions
- Ask employees "How do you actually do this job?"
Key Statistics
- 65% of remote workers use non-approved tools• £80,000 potential GDPR fine for £2M turnover business• 52% of enterprise SaaS apps are unsanctioned
Featured Solutions
ThreatLocker: Application whitelisting, DNS filtering, complete visibility without complexity
Expert Hosts
Noel Bradford: 40+ years experience, MSP CIOMauven MacLeod: Ex-NCSC cybersecurity expert
Next Episode
Technical Debt: The shortcuts strangling your business infrastructure
🔗 Subscribe for weekly cybersecurity insights💡 Share with business owners who need this⭐ Leave a review to help others find practical security advice